Critical severity9.8NVD Advisory· Published Aug 11, 2021· Updated Jun 17, 2026
CVE-2020-25566
CVE-2020-25566
Description
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64(desired password).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- SapphireIMS/SapphireIMSdescription
- Range: 5.0
Patches
Vulnerability mechanics
References
2- vuln.shellcoder.party/2020/09/19/cve-2020-25566-sapphireims-unauthenticated-account-takeover/nvdExploitThird Party Advisory
- vuln.shellcoder.party/tags/sapphireims/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.